21928 matches found
CVE-2026-34971

creationtimestamp| type| source
---|---|---
2026-04-09 21:10:42+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mj3ptjezrn2g
2026-04-09 21:22:00+00:00| seen| Telegram/6RgwCZFc4Ae1eVERGO141ZaFCzdAoL4kSRzFJKo9cZLKyo
2026-05-24 21:26:28+00:00| seen|...

@0xwork/connect (>=0.1.0 <=0.1.7), @agentholdings/agent-passport (>=0.1.0 <=0.1.5) +23 more potentially affected by CVE-2026-41915 via openclaw (>=2026.3.22 <=2026.4.5)
openclaw NPM version =2026.3.22, =0.1.0, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =0.0.0, =27.2.5, =1.1.0, =2.1.3, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =0.2.18 and more Source cves: CVE-2026-41915 Source advisory: SNYK:JS-OPENCLAW-15989080...
GHSA-CHQC-8P9Q-PQ6Q

creationtimestamp| type| source
---|---|---
2026-04-09 19:23:14+00:00| seen| Telegram/Y2UpQC9zCL6PqNfAxsSoQJ7YUumR5oW0JI3RILB7SgtOVH4
2026-04-13 12:02:56+00:00| seen| https://gist.github.com/subaruoutbacksteakhouse/755867cb60dca06f145990b4865d6eee...

CGA-24XQ-9C29-Q78H
Bulletin has no description...
MINI-W98V-PG7C-545G
Bulletin has no description...
cybersentinel-agent
CyberSentinel Agent Defensive cybersecurity agent framework w...
MINI-Q649-54VJ-88M4
Bulletin has no description...
MINI-JR2W-W2PF-86M3
Bulletin has no description...
MINI-PFR4-MFPM-27H2
Bulletin has no description...
GHSA-C3H3-89QF-JQM5

creationtimestamp| type| source
---|---|---
2026-04-09 11:16:38+00:00| seen| Telegram/nE1gVyn8jRxbZ-OhSUewb4fvVZDT-qjlGTvhk8YiMctdMk...

CVE-2026-4436

creationtimestamp| type| source
---|---|---
2026-04-09 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-099-02
2026-04-09 21:22:41+00:00| published-proof-of-concept| Telegram/3Mh7UNYEFXpMlnqwZliCqvVomRJKwd1lMrCq1dUb7HxJoTM
2026-04-09 21:37:12+00:00| seen|...

CVE-2026-3568
The MStore API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.18.3. This is due to the updateuserprofile function in controllers/flutter-user.php processing the 'metadata' JSON parameter without any allowlist, blocklist, or validatio...
CVE-2026-5832

creationtimestamp| type| source
---|---|---
2026-04-09 03:18:04+00:00| published-proof-of-concept| Telegram/k6H1jBRyYuwqPn43znhK7mg4465TougGvrd7kOsXjIgmqE
2026-04-09 04:44:27+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mizypx5iqv2j...

CVE-2026-3568 MStore API <= 4.18.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Meta Update
The MStore API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.18.3. This is due to the updateuserprofile function in controllers/flutter-user.php processing the 'metadata' JSON parameter without any allowlist, blocklist, or validatio...
OpenClaw Security Vulnerability
OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from the execution of reference extensions before channel and DM authorization checks, which could allow...
PT-2026-31567
Name of the Vulnerable Software and Affected Versions: MStore API plugin for WordPress versions up to and including 4.18.3. Description: The MStore API plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This stems from the update user profile function within...
CVE-2026-33350

creationtimestamp| type| source
---|---|---
2026-04-08 23:33:06+00:00| seen| Telegram/nb1jq11aD1wlJ1YglJrLy9zN5IvfOUCCPtd3YJ7-KFKCMzY
2026-04-09 07:16:00+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mj2b6vhc752s
2026-04-19 04:07:06+00:00| seen|...

Server-side Request Forgery (SSRF)
Overview: @frontmcp/sdk is a FrontMCP SDK. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the initialize process. An attacker can access internal network resources or sensitive local files by submitting a crafted OpenAPI specification containing malicious $r...
CVE-2026-35169

creationtimestamp| type| source
---|---|---
2026-04-08 21:53:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mizbr4qwcu2i
2026-04-09 01:26:43+00:00| published-proof-of-concept| Telegram/LyxiOFuM6k6JRrVhGkcWrU8R1Vj8dluNTy4xGDA54CBUTMw
2026-04-09 07:15:44+00:00| seen|...